1

I want to set cookie value in one function and their value use everywhere in cakephp 4 version. Currently , i can use cookie value inside the only one function which i have set their value.

  • I can get cookie value in index() function but i can't get cookie value in viewusers() function. Code is here :

use App\Controller\AppController;

use Cake\Http\Cookie\Cookie;

use Cake\Http\Cookie\CookieCollection

use DateTime;

class AdminController extends AppController {

function index(){
 $cookie = array();
 $cookie['admin_username'] = $requestData['username'];
 $cookie['admin_password'] = $requestData['password'];
 $cookies = new Cookie('AuthAdmin',$cookie, new DateTime('+1 weeks'));
 $response = $this->response->withCookie($cookie);
 return $this->redirect('admin/viewusers');
}

function viewusers() {
$cookies = new CookieCollection();
$data = $cookies->get('AuthAdmin');
print_r($data);
// cookie value not found in $data variable.
$response = $this->response->getCookie('Auth.Admin');
print_r($response);
// cookie value not found in $response variable.
}

}

  • I can get cookie value in index() function but i can't get cookie value in viewusers() function.
developer
  • 23
  • 3
  • Do you mean you want to set and then use it in other functions during the same request (e.g. set it in the controller and then reference it in the template)? Or set it in one request and then reference it in later requests (e.g. set it when the user logs in and then reference it again later when viewing or editing records)? And please share the code that you're using to set the cookie. – Greg Schmidt Oct 01 '21 at 17:09
  • Code is here : class AdminController extends AppController { function index(){ $cookie = array(); $cookie['admin_username'] = $requestData['username']; $cookie['admin_password'] = $requestData['password']; $cookies = new Cookie('AuthAdmin',$cookie, new DateTime('+1 weeks')); } function viewusers() { $cookies = new CookieCollection(); $data = $cookies->get('AuthAdmin'); print_r($data); // cookie value not found in $data variable. } } I can get cookie value in index() function but i can't get cookie value in viewusers() function. – developer Oct 02 '21 at 06:33
  • You have created a Cookie object. You have not added it to the response. But putting that sort of information in a cookie is a very bad security practice! You perhaps meant to write that to the session instead? – Greg Schmidt Oct 02 '21 at 14:27
  • I have tried to add it to the response but still i am getting null cookie value. Response added like : $response = $this->response->withCookie($cookie); and get cookie value like : $this->response->getCookie($cookiename); – developer Oct 02 '21 at 15:23
  • Did you return this new response object from your controller? And are you REALLY sure that you want to be sending a cookie with the user's password in it? – Greg Schmidt Oct 02 '21 at 17:59
  • Yes - this new response object return from controller. – developer Oct 03 '21 at 15:35
  • It's good practice in cases like this to edit your question to show the latest version of your code. You say you're returning it, but there's many ways to do that wrong. In other words, don't tell us that you're returning it, show us that you are. – Greg Schmidt Oct 03 '21 at 15:38
  • ok - i have updated latest code. – developer Oct 04 '21 at 05:23
  • You have set the cookie in the `$response` variable, but then you return `$this->redirect`, so the cookie is *not* part of what you're returning. – Greg Schmidt Oct 04 '21 at 05:32
  • how to remove cookie value while logout action ? – developer Oct 04 '21 at 14:36

1 Answers1

1

Try this:

function index(){
    $cookie = array();
    $cookie['admin_username'] = $requestData['username'];
    $cookie['admin_password'] = $requestData['password'];
    $cookies = new Cookie('AuthAdmin',$cookie, new DateTime('+1 weeks'));
    return $this
        // redirect returns a response object, so you can chain the cookie call onto that
        ->redirect('admin/viewusers')
        // Note that this uses $cookies, not $cookie
        ->withCookie($cookies);
}

But again, I cannot stress strongly enough that sending a cookie with the user's username and password in it is a very bad thing from a security perspective.

Greg Schmidt
  • 5,010
  • 2
  • 14
  • 35